[PATCH] Samba VirusFilter (version 12)

Mon Jan 29 21:49:45 UTC 2018

On 01/29/2018 08:19 AM, Trever L. Adams wrote:
> On 01/23/2018 04:59 PM, ronnie sahlberg wrote:
>> You could even modify the query data you return for the file to set
>> the offline bit
>> as another visual cue to the user that "the file is there but there is
>> something wrong with it and you can't read it".
> Ronnie,
>
> Thank you for the idea.
>
> Jeremy and Ralph, attached is a first stab at this. There is a warning.
> In one place in the module there is a smb_fname = fsp_name that is set
> to be const. For this reason, I have made the function to mark things as
> offline have the smb_fname parameter const. Unfortunately,
>
> ../source3/modules/vfs_virusfilter.c: In function ‘infected_mark_offline’:
> ../source3/include/vfs_macros.h:398:50: warning: passing argument 2 of
> ‘smb_vfs_call_get_dos_attributes’ discards ‘const’ qualifier from
> pointer target type [-Wdiscarded-qualifiers]
>   smb_vfs_call_get_dos_attributes((handle)->next, (smb_fname), (attributes))
>
>
> As the two of you know Samba's internals much better than I, would you
> mind advising me on the correct way to go about fixing the warning and
> doing a preliminary review. Also, I do not know if this would be best to
> be default behavior. I have it currently defaulted to true.
>
> Alternatively, this could work more like vfs_offline and simply modify
> the return for the get dos attributes and fget dos attributes to be
> offline if the file is infected in the cache. i.e. no permanent
> attribute on disk, but would only work so long as files are in the scan
> results cache.
>
> Thank you.
> Trever

I have realized I misunderstood how SMB_VFS_NEXT_GET_DOS_ATTRIBUTES
works and that even if I didn't an error condition may keep dosmode in
the code from being initialized. I have now initialized the dosmode
variable to zero.

As for the const warning, I thought maybe quarantine should also be
covered by the mark offline capability, so I generalized the code, which
obviated the need to remove the const qualifier from both places I had
it (only needed from the new function) and also made it unnecessary to
discover whether it was a good idea (which I came to believe it wasn't)
to push the const qualifier into smb_vfs_call_get_dos_attributes as well.

The questions of should this be permanently set on the file or
opportunistically set based on the results cache (via similar ideas as
vfs_offline) and if this behavior should be the default remain. Beyond
that, I think this is very close to being ready. It compiles and works here.

Thank you.

Trever

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-capability-to-mark-infected-files-offline-to-vfs.patch
Type: text/x-patch
Size: 3666 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180129/961eda5f/0001-Add-capability-to-mark-infected-files-offline-to-vfs.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 886 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180129/961eda5f/signature.sig>